Hi pmal67,
Has it something to do with this download mentioned here?
have you seen this message and the address there:
http://mailman.videolan.org/pipermail/vlc/2011-August/020271.htmllink author is Rhett Trappman, he is
Malware Reseacher from (Microsoft Malware Protection Center Portal)
On VT url scan the following link is flagged by Phistank and TrendMicro flag this as it redirects to
-http://www.downloaddirect.com/download/VLCSetup.exe redirects to
-http://www.thislinkhasbeendisabled.com
better to say:
-http://www.downloaddirect.com/download/VLCSetup.exe redirects to
-http://www.thislinkhasbeendisabled.com
Looks like a parked domain site (suspicious?)
Check: -http://www.thislinkhasbeendisabled.com?epl=jkj6lnRts88GHbEC_W8rbVCKL8sFCYVTJHfxTxyQpkIuRkezOEFEmQ0kfEPsUqnhjYIDi4KyVQ3QWAo3oZnXdOWYXUXyDsqrnhru77q23IiPIPHPgImPuFL_DCNDT55tynf7XGOxGJC1QkVjQUq5LTzWCczqGlmibR7f7zRAKryBBsJwDDQAaGgA0aZMTxGi3oCMRmqP9KgePZGe5KmGlAAgwN7vvwAJBAjw_wEAAECA3wsAAKX4slxZUyZZQTE2aFpCrwAAAPA
see:
http://wepawet.iseclab.org/view.php?hash=cca04f1d06dbf1edfc33c94487210111&t=1315669489&type=js As we cannot get to the original download link for the Fake Version we cannot establish an analysis, not even for those performed in the past, or can you give the MD5 hash of the
executable in question. Normally it is 2A79FA3BB35B64661A5BBC05B6002CBD and
C663E66B07DC8BB4CD86B30D031026AF Unsafe versions are described here:
http://www.prevx.com/filenames/2097554129206086-X1/VLCSETUP.EXE.htmlpolonus